I am experiencing an issue where when desktops/laptops move between different office locations and sites. Each site has its own subnet/DHCP scope, and the sites with wireless have a separate scope for it (one wired and one wireless).
Machines that change networks get new DHCP addresses on their new subnet, as expected. When they can change between networks the DNS entries for the majority of machines are not being updated consistently (a few do), resulting in being unable to connect to shares etc. via hostname. There are also multiple DHCP leases for these machines, one per scope they've been in during the last 8 days. I can see from the DHCP logs that DHCP is sending DNS Update Requests for all of these leases, and getting DNS Update Failed:
DNS Update Failed,10.10.10.32,machinename.com,,,0,6,,,
DNS Update Request,10.10.10.32,machinename.com,,,0,6,,,
When the machines are moved to a new subnet/DHCP scope and receive their new IP, their associated DNS record is updated with the new IP temporarily, but after approx. 15-30 mins it is overwritten to the IP of the 1st DHCP scope lease that still exists.
For example, if the machine received a DHCP lease from scope 10.10.10.10 at 9:00am and then moved to scope 10.10.11.10 at 10:00am, the DNS record will revert back to the IP of 10.10.10.10 after 15-30 mins roughly. If I manually delete the older DHCP leases in other scopes this is no issue. I would think that the most recent DHCP lease IP would update DNS accordingly and remain until a newer DHCP lease is acquired.
Any insight as to why this is occurring would be appreciated.
The DHCP server is both a DNS and a DC running Windows Server 2008 (not R2).
DHCP options enabled:
003 - default gateway
006 - primary and secondary DNS servers
015 - domain name
081:
I inherited this infrastructure so I do not know if there is an account configured in DHCP for DNS dynamic updates. When I view the dialog box I see the following:
Is there a way to confirm whether an account has been specified here? Should the account be visible in the screen above along with the domain/password? When I look in AD, I see as account (DNSadmin) that is a member of the DNSUpdateProxy security group.
- DHCP lease times are the default 8 days
- DNS Aging refresh and norefresh intervals are both 7 days, but scavenging stale resource records is not checked:
I only have 1 DHCP server at each site.
Any assistance would be much appreciated.